openbsc.git branch master updated. 0.14.0-23-g322b149

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "The OpenBSC GSM Base Station Controller (+MSC/HLR/SGSN)". The branch, master has been updated via 322b1499cd4d34b0148a15cb615ad6dff8203ed2 (commit) via 5b512051870017aebd79ff2ca05ad8be671728b2 (commit) via 9ed6fd25dde40e3079c5b278f543714b0d78a9f0 (commit) from 08ea4d87f6c5db1ce68ef58040a35271358fa6d8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- http://cgit.osmocom.org/openbsc/commit/?id=322b1499cd4d34b0148a15cb615ad6df… commit 322b1499cd4d34b0148a15cb615ad6dff8203ed2 Author: Jacob Erlbeck &lt;jerlbeck(a)sysmocom.de&gt; Date: Tue Apr 7 17:49:49 2015 +0200 nitb: Check source string length before calling strncpy (Coverity) Currently some VTY command do neither check the length of the source string before calling strncpy nor ensure NUL-termination afterwards. This can to destination string buffers whose contents are not NUL-teminated. This commit adds checks and corresponding warnings to the VTY commands 'subscriber TYPE ID name .NAME" and "subscriber TYPE ID extension EXTENSION". Fixes: Coverity CID 1206570, 1206569 Sponsored-by: On-Waves ehf http://cgit.osmocom.org/openbsc/commit/?id=5b512051870017aebd79ff2ca05ad8be… commit 5b512051870017aebd79ff2ca05ad8be671728b2 Author: Jacob Erlbeck &lt;jerlbeck(a)sysmocom.de&gt; Date: Tue Apr 7 17:49:48 2015 +0200 gprs: Fix GSUP cancel_type handling (Coverity) When handling an incoming GSUP cancellation request, the cancel_type if effectively ignored, such that is always handled as GPRS_GSUP_CANCEL_TYPE_UPDATE and never as WITHDRAW. This commit fixes the expression used to set the variable is_update_procedure. Fixes: Coverity CID 1267739 Sponsored-by: On-Waves ehf http://cgit.osmocom.org/openbsc/commit/?id=9ed6fd25dde40e3079c5b278f543714b… commit 9ed6fd25dde40e3079c5b278f543714b0d78a9f0 Author: Jacob Erlbeck &lt;jerlbeck(a)sysmocom.de&gt; Date: Tue Apr 7 17:49:47 2015 +0200 nat: Fix timeslot range in 'show bsc mgcp' VTY command Currently the inner loop in show_bsc_mgcp iterates of the timeslot interval [0, 31]. Timeslot 0 is not valid, which causes mgcp_timeslot_to_endpoint to generate a corresponding warning and to return an invalid endp value. That value causes an out-of-bound read access, possibly hitting unallocated memory. This patch fixes the loop range by starting with timeslot 1. Note that this does not prevent mgcp_timeslot_to_endpoint from returning an invalid endpoint index when called with arguments not within its domain. Addresses: <000b> ../../include/openbsc/mgcp.h:250 Timeslot should not be 0 [...] vty=0xb4203db0, argc=1, argv=0xbfffebb0) at bsc_nat_vty.c:256 max = 1 con = 0xb4a004f0 i = 0 j = 0 [...] ==15700== ERROR: AddressSanitizer: heap-use-after-free on address 0xb520be4f at pc 0x8062a42 bp 0xbfffeb18 sp 0xbfffeb0c Sponsored-by: On-Waves ehf ----------------------------------------------------------------------- Summary of changes: openbsc/src/gprs/gprs_subscriber.c | 3 ++- openbsc/src/libmsc/vty_interface_layer3.c | 14 ++++++++++++++ openbsc/src/osmo-bsc_nat/bsc_nat_vty.c | 2 +- openbsc/tests/sgsn/sgsn_test.c | 12 ++++++++++++ openbsc/tests/vty_test_runner.py | 26 ++++++++++++++++++++++++++ 5 files changed, 55 insertions(+), 2 deletions(-) hooks/post-receive -- The OpenBSC GSM Base Station Controller (+MSC/HLR/SGSN)